properly check for article ownership in getArticleFeed()

author Andrew Dolgov <fox@bah.org.ru>

Tue, 29 Dec 2009 13:19:53 +0000 (16:19 +0300)

committer Andrew Dolgov <fox@bah.org.ru>

Tue, 29 Dec 2009 13:19:53 +0000 (16:19 +0300)
author Andrew Dolgov <fox@bah.org.ru>
Tue, 29 Dec 2009 13:19:53 +0000 (16:19 +0300)
committer Andrew Dolgov <fox@bah.org.ru>
Tue, 29 Dec 2009 13:19:53 +0000 (16:19 +0300)
diff --git a/functions.php b/functions.php

index 464a2cbdd3f9c0e240aa9d12671ab59de77f1cec..6621b361ee2a6de9073e93f1f2ee1cf4efa2fcd6 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -6475,7 +6475,7 @@
  
         function getArticleFeed($link, $id) {
                 $result = db_query($link, "SELECT feed_id FROM ttrss_user_entries 
-                       WHERE ref_id = '$id'");
+                       WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
  
                 if (db_num_rows($result) != 0) {
                         return db_fetch_result($result, 0, "feed_id");
author	Andrew Dolgov <fox@bah.org.ru>
	Tue, 29 Dec 2009 13:19:53 +0000 (16:19 +0300)
committer	Andrew Dolgov <fox@bah.org.ru>
	Tue, 29 Dec 2009 13:19:53 +0000 (16:19 +0300)